The Brazilian Data Protection Law - LGPD

Brazil has enacted its Data Protection Law, the LGPD. Inspired by the EU’s GDPR, the LGPD is the first law of its kind in Brazil and a landmark for the region. Brazilian data subjects will now have more control over their personal information, including the right to access, correct and delete it.

Under the LGPD, companies processing personal data in Brazil will have to comply with a sweeping new set of obligations to disclose and limit the processing of data, keep the data secure and disclose if the data is breached. The LGPD also imposes requirements for transferring personal data out of Brazil, including that the receiving organization or country must provide a level of data protection comparable to the LGPD’s.

Companies have 18 months to conduct the diligence, gap analysis and remediation steps to get ready and avoid the LGPD’s potentially severe financial penalties.